Install the Log Correlation Engine Server

Before You Begin:

Download the Log Correlation Engine server package from the Tenable downloads page.
Install the software the Log Correlation Engine server is dependent on.

Installation Location

Caution: /opt/lce/ must not contain any symbolic links.

Installing the Package

Note: To ensure consistency of audit record time stamps between the Log Correlation Engine and Tenable Security Center, make sure that the underlying OS makes use of the Network Time Protocol (NTP) as described at http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/sect-Date_and_Time_Configuration-Command_Line_Configuration-Network_Time_Protocol.html

If you are upgrading from a previous version of Log Correlation Engine , please skip this section and see Upgrade the Tenable Log Correlation Engine Server. Please follow the instructions in this section for new installations.

To install the Log Correlation Engine RPM, enter the following command: rpm -ivh <package name>, where <package name> is the name of the Log Correlation Engine server package you downloaded from the Tenable downloads page.

For example:

 
Preparing...                ########################################### [100%]
  1:lce                        ########################################### [100%]
The installation process is complete.
Please refer to /var/log/lce_upgrade.log to review installation messages.
This is a new installation. To configure LCE, please direct your browser to:
https://l92.168.1.101:8836

The installation process will create a user and group named lce and install the Log Correlation Engine server to the /opt/lce directory. All files will be installed with the user and group of lce except for the majority of Log Correlation Engine daemons, which are set-user-id root. An Log Correlation Engine daemon is started by the root user; once the appropriate port(s) are bound, it will drop root privileges.